Send 403 for auth error
parent
7a370e7885
commit
594085c6f5
|
@ -117,9 +117,8 @@ function unset_permanent() {
|
||||||
function auth_error($error) {
|
function auth_error($error) {
|
||||||
global $adminer, $has_token;
|
global $adminer, $has_token;
|
||||||
$session_name = session_name();
|
$session_name = session_name();
|
||||||
if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_bool("session.use_only_cookies")) {
|
if (isset($_GET["username"])) {
|
||||||
$error = lang('Session support must be enabled.');
|
header("HTTP/1.1 403 Forbidden"); // 401 requires sending WWW-Authenticate header
|
||||||
} elseif (isset($_GET["username"])) {
|
|
||||||
if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$has_token) {
|
if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$has_token) {
|
||||||
$error = lang('Session expired, please login again.');
|
$error = lang('Session expired, please login again.');
|
||||||
} else {
|
} else {
|
||||||
|
@ -134,6 +133,9 @@ function auth_error($error) {
|
||||||
unset_permanent();
|
unset_permanent();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_bool("session.use_only_cookies")) {
|
||||||
|
$error = lang('Session support must be enabled.');
|
||||||
|
}
|
||||||
$params = session_get_cookie_params();
|
$params = session_get_cookie_params();
|
||||||
cookie("adminer_key", ($_COOKIE["adminer_key"] ? $_COOKIE["adminer_key"] : rand_string()), $params["lifetime"]);
|
cookie("adminer_key", ($_COOKIE["adminer_key"] ? $_COOKIE["adminer_key"] : rand_string()), $params["lifetime"]);
|
||||||
page_header(lang('Login'), $error, null);
|
page_header(lang('Login'), $error, null);
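Review bot: The new `header("HTTP/1.1 403 Forbidden")` is sent for every request that carries `username`, including the `Session expired, please login again.` branch, so anything that counts 403s in the access log as failed logins (rate limiting, ban rules) will also count ordinary session timeouts; a short comment at the header line stating that 403 covers both cases would let operators write their rules accordingly. Moving the `session.use_only_cookies` check below the block also changes control flow: the old `elseif` skipped the whole `username` block in that case, whereas now the block, which ends in `unset_permanent()` on the else path, can run first and its `$error` is then overwritten. If that ordering is intended, a comment such as `// checked last so it overrides the login error` would record it. The middle of the else branch lies between the two hunks and the function continues past the last visible line, so this is based only on the lines shown.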
|
||||||
|
|
|
@ -5,6 +5,7 @@ Make master key unreadable to others (bug #410)
|
||||||
Fix edit by long non-utf8 string
|
Fix edit by long non-utf8 string
|
||||||
Specify encoding for PHP 5.6 with invalid default_charset
|
Specify encoding for PHP 5.6 with invalid default_charset
|
||||||
Fix saving NULL value, bug since Adminer 4.0.3
|
Fix saving NULL value, bug since Adminer 4.0.3
|
||||||
|
Send 403 for auth error
|
||||||
MySQL: Use utf8mb4 if available
|
MySQL: Use utf8mb4 if available
|
||||||
PostgreSQL: Materialized views
|
PostgreSQL: Materialized views
|
||||||
Elasticsearch: Use where in select
|
Elasticsearch: Use where in select
|
||||||
|
|